CVE-2024-10857

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Nov 26, 2024
CWE ID 35

Summary

CVE-2024-10857 is a directory traversal vulnerability affecting the WooCommerce plugin for WordPress, versions 1.9 and below. The issue stems from insufficient validation and sanitization of input fields within the handle_downloads() function. Attackers with Contributor-level access or higher can exploit this weakness to read arbitrary files on the server, which can expose sensitive information.
